| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4a0fcf72130d3ef5c4ca91b518f66ac6449cf57f.1622565590.git.gnault@redhat.com>
Date: Tue, 1 Jun 2021 19:09:31 +0200
From: Guillaume Nault <gnault@...hat.com>
To: Stephen Hemminger <stephen@...workplumber.org>
Cc: netdev@...r.kernel.org
Subject: [PATCH iproute2] utils: bump max args number to 256 for batch files
Large tc filters can have many arguments. For example the following
filter matches the first 7 MPLS LSEs, pops all of them, then updates
the Ethernet header and redirects the resulting packet to eth1.
filter add dev eth0 ingress handle 44 priority 100 \
protocol mpls_uc flower mpls \
lse depth 1 label 1040076 tc 4 bos 0 ttl 175 \
lse depth 2 label 89648 tc 2 bos 0 ttl 9 \
lse depth 3 label 63417 tc 5 bos 0 ttl 185 \
lse depth 4 label 593135 tc 5 bos 0 ttl 67 \
lse depth 5 label 857021 tc 0 bos 0 ttl 181 \
lse depth 6 label 239239 tc 1 bos 0 ttl 254 \
lse depth 7 label 30 tc 7 bos 1 ttl 237 \
action mpls pop protocol mpls_uc pipe \
action mpls pop protocol mpls_uc pipe \
action mpls pop protocol mpls_uc pipe \
action mpls pop protocol mpls_uc pipe \
action mpls pop protocol mpls_uc pipe \
action mpls pop protocol mpls_uc pipe \
action mpls pop protocol ipv6 pipe \
action vlan pop_eth pipe \
action vlan push_eth \
dst_mac 00:00:5e:00:53:7e \
src_mac 00:00:5e:00:53:03 pipe \
action mirred egress redirect dev eth1
This filter has 149 arguments, so it can't be used with tc -batch
which is limited to a 100.
Let's bump the limit to the next power of 2. That should leave a lot of
room for big batch commands.
Signed-off-by: Guillaume Nault <gnault@...hat.com>
---
Note: I have no production use case for MPLS stacks with 7 LSEs at the
moment, but 7 is the maximum depth the flow dissector can handle,
and having the possibility to express such rules with tc -batch
would help testing the kernel API (writing scripts that generate
filters, without worrying about the 100 parameters limit).
lib/utils.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/utils.c b/lib/utils.c
index 93ae0c55..d5496e45 100644
--- a/lib/utils.c
+++ b/lib/utils.c
@@ -1714,10 +1714,10 @@ int do_batch(const char *name, bool force,
cmdlineno = 0;
while (getcmdline(&line, &len, stdin) != -1) {
- char *largv[100];
+ char *largv[256];
int largc;
- largc = makeargs(line, largv, 100);
+ largc = makeargs(line, largv, 256);
if (!largc)
continue; /* blank line */
--
2.21.3
Powered by blists - more mailing lists